SWIM-SERV-160 Security constraints

SWIM Supporting Material


Requirement

Title

Security constraints

Identifier

SWIM-SERV-160

Requirement

A service description shall include or refer to information about the security constraints which apply to accessing and using the service.

Rationale

This requirement ensures that a service consumer is aware of any restrictions on the access and use of the service.

Verification

Completeness: Verify that the elements included cover the required security constraints.

Consistency: Not Applicable.

Correctness: Not Applicable.

Examples/Notes

Example security constraints:

  • Authentication:

    • Statement of the authentication mechanisms used on consumer and provider side;

    • Statement of the failed authentication constraints;

    • Identity tokens;

  • Authorisation:

    • Statement on the authorisation mechanism used;

    • Credentials used for the authorisation;

    • Levels of authorisation;

  • Confidentiality:

    • Statement of the confidentiality offered by the service (e.g. message, transport, network, none…);

    • Elements of the payload whose confidentiality is required or provided (whole payload, body, specific sub-elements…);

    • Cryptographic algorithms and key sizes;

  • Integrity:

    • Statement of the integrity offered by the service (e.g. message, transport, network, none…);

    • Elements of the payload whose integrity is required or provided (whole payload, body, specific sub-elements…);

    • Cryptographic algorithms and key sizes.

Level of Implementation

Mandatory

Guidance

Verification Support

Completeness

Check that:

[  ] The service description includes or refers to information about the security constraints which apply to accessing and using the service.

Examples

The following example shows the content as a table.

| security constraints | |
|---|---|
| authentication | Authentication is required - the access to the service is based on user id and password. The service utilizes X.509v3 public certificates. |
| authorisation | |
| confidentiality | The service relies on TLS 1.2 to provide integrity and confidentiality. |
| integrity | The service relies on TLS 1.2 to provide integrity and confidentiality. |

The following example shows an extract of the content of a JSON file that conforms to the Service Metadata Schema.

Example of SWIM-SERV-160 using Service Metadata Schema
```json
"generalDescription": {
  "accessAndUseConditions": [
    {
      "type": "SECURITY_CONSTRAINT",
      "name": "authentication",
      "description": "Authentication is required - the access to the service is based on user id and password. The service utilizes X.509v3 public certificates."
    },
    {
      "type": "SECURITY_CONSTRAINT",
      "name": "confidentiality",
      "description": "The service relies on TLS 1.2 to provide integrity and confidentiality."
    },
    {
      "type": "SECURITY_CONSTRAINT",
      "name": "integrity",
      "description": "The service relies on TLS 1.2 to provide integrity and confidentiality."
    }
  ]
}
```

Complete examples are available at Example service description.
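The completeness check above can be automated against a service description in the JSON form shown. The following is an added example, not part of the SWIM supporting material or the Service Metadata Schema tooling; the function names are hypothetical, and using the four categories from Examples/Notes as a checklist is an assumption of this example.

```python
import json

# The four categories listed under "Examples/Notes" on this page. Using them as a
# checklist is an assumption of this example: SWIM-SERV-160 itself only requires
# that security constraints are included or referred to.
CATEGORIES = ("authentication", "authorisation", "confidentiality", "integrity")

# Constructed sample: the page's JSON extract wrapped in braces so that it parses.
SAMPLE = """
{"generalDescription": {"accessAndUseConditions": [
  {"type": "SECURITY_CONSTRAINT", "name": "authentication",
   "description": "Authentication is required - the access to the service is based on user id and password. The service utilizes X.509v3 public certificates."},
  {"type": "SECURITY_CONSTRAINT", "name": "confidentiality",
   "description": "The service relies on TLS 1.2 to provide integrity and confidentiality."},
  {"type": "SECURITY_CONSTRAINT", "name": "integrity",
   "description": "The service relies on TLS 1.2 to provide integrity and confidentiality."}
]}}
"""
SAMPLE_DOC = json.loads(SAMPLE)


def security_constraints(service_description):
    """Return {name: description} for each SECURITY_CONSTRAINT entry."""
    general = service_description.get("generalDescription", {})
    found = {}
    for cond in general.get("accessAndUseConditions", []):
        if cond.get("type") == "SECURITY_CONSTRAINT":
            name = (cond.get("name") or "").strip().lower()
            found[name] = (cond.get("description") or "").strip()
    return found


def check_serv_160(service_description):
    """Return (requirement_met, uncovered_categories).

    An entry with an empty description counts as no statement. Constraints given
    only by reference elsewhere in the description are not detected here.
    """
    stated = {n for n, d in security_constraints(service_description).items() if d}
    uncovered = [c for c in CATEGORIES if c not in stated]
    return bool(stated), uncovered


if __name__ == "__main__":
    met, uncovered = check_serv_160(SAMPLE_DOC)
    print("SWIM-SERV-160 completeness:", "met" if met else "NOT met")
    for category in uncovered:
        print("no statement found for:", category)
```

On the sample, the requirement is met and authorisation is reported as the one category without a statement, matching the empty authorisation row in the table example.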

Status: Living Material